3 matches found
CVE-2022-4943
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...
CVE-2022-4943
CVE-2022-4943 – miniOrange's Google Authenticator plugin for WordPress suffers an authorization bypass due to a missing capability check when changing plugin settings in versions
WordPress miniOrange's Google Authenticator Plugin <= 5.6.5 is vulnerable to Broken Access Control
Software miniOrange's Google Authenticator Type Plugin Vulnerable versions = 5.6.5 Fixed in 5.6.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4943 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 1f8ee97c6af1 Credits Ramuel Gal...